×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

SSH Access Not working on ASA's

Answered Question
Jul 7th, 2008
User Badges:

I am configuring my ASA's for ssh access prior to removing telnet access to them. However, I'm running into a problem. After I have configured ssh access (assigned a domain, generated my rsa key, and enabled ssh), I am unable to log in. My ssh client is running ssh v.1 and I've checked to make sure the ASA is allowing v.1 and 2. I've also checked to be sure the username and password for the account I have tried have been correct. Basically, it's behaving as if I have a bad password, as it accepts the connection and the username, but fails to accept the password. These accounts all have a privilege level of 15 and I'm able to use them to log into the ASDM. The policies associated with these accounts are the default and I've tried both configuring a new account through ASDM and the CLI. Neither seems to work. Any ideas?


Thanks!

Correct Answer by anthony.king about 9 years 1 month ago

If you are using local username/passwords, make sure you have this command: "aaa authentication ssh console LOCAL"


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
JORGE RODRIGUEZ Mon, 07/07/2008 - 07:42
User Badges:
  • Green, 3000 points or more

Karen,


What you are saying is that none of the accounts passwords do work when ssh to the firewall? does this issue applies to the interfaces you have allow ssh under such as inside/outside ?


What version code are you running.


Could you capture ssh debug and post it.


asa#terminal monitor


in config mode

asa(config)#logging monitor 7


then issue debug ssh


try connecting to asa via ssh and capture debug output.


to disable debug

asa#no debugg all


And lastly even though ssh debug is a low level process it is adviced to conduct debug troubleshooting off during network production hours.



Rgds

-Jorge

Correct Answer
anthony.king Mon, 07/07/2008 - 08:20
User Badges:

If you are using local username/passwords, make sure you have this command: "aaa authentication ssh console LOCAL"


redwarrior Mon, 07/07/2008 - 08:26
User Badges:

This was exactly my problem. Once I set aaa authentication to local, it works like a charm! Thanks!

Actions

This Discussion